<?php

$oper = $_POST['oper'];

if (!isset($oper))
{
    die("Unknown command");
}

function check_user($_login)
{
    global $dbh;

    try
    {
        $sth = $dbh->prepare('select count(*) as count from users where login=:login');

        if ($sth->execute(array(':login' => rtrim(ltrim(addslashes($_login))) )))
        {
            $alldb = $sth->fetchAll(PDO::FETCH_ASSOC); 

            if ($alldb[0]['count'] > 0)
            {
                $response['error'] = 'Пользователь с таким логином уже существует.';
            }
            else
            {
                return; 
            }
        }
    }
    catch(Exception $e)
    {
        $response['error'] = 'Невозможно проверить пользователя.';
    }

    return json_encode($response);
}


$admin = true;
require_once('auth_req.inc.php');

switch ($oper) 
{

    case 'edit':

            if ($_POST['login'] != $_POST['id'])
            {
                $response = check_user($_POST['login']);

                if (isset($response))
                {
                    die($response);
                }
            }

            if (($_POST['password1'] == $_POST['password2']))
            {
                try
                {
                    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                    $dbh->beginTransaction();

                    if ($_POST['password1'] == '')
                    {
                        $sth = $dbh->prepare('update users set login=:login, name=:name, role=:role where login=:id');

                        $sth->bindParam(':login',$_POST['login']);    
                        $sth->bindParam(':name',$_POST['name']);
                        $sth->bindParam(':role',intval($_POST['role']),  PDO::PARAM_INT); 
                        $sth->bindParam(':id',$_POST['id']);

                        $sth->execute();

                    }
                    else
                    {
                        $sth = $dbh->prepare('update users set login=:login, name=:name, password=PASSWORD(:password), role=:role where login=:id');

                        $sth->bindParam(':login',$_POST['login']);    
                        $sth->bindParam(':name',$_POST['name']);
                        $sth->bindParam(':password',$_POST['password1']);
                        $sth->bindParam(':role',intval($_POST['role']),  PDO::PARAM_INT); 
                        $sth->bindParam(':id',$_POST['id']);    

                        $sth->execute();
                    }   

                    $dbh->commit();
                }
                catch (Exception $e)
                {
                    $dbh->rollBack();
                }
            }

        break;

    case 'add':

            $response = check_user($_POST['login']);

            if (isset($response))
            {
                die($response);
            }

            if (($_POST['password1'] != '') && ($_POST['password1'] == $_POST['password2']))
            {
                try
                {
                    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                    $dbh->beginTransaction();

                    $sth = $dbh->prepare('insert into users (login, name, password, role) values (?,?,PASSWORD(?),?)');
                    $sth->execute(array($_POST['login'], $_POST['name'], $_POST['password1'], $_POST['role']));

                    $dbh->commit();
                }
                catch (Exception $e)
                {
                    $dbh->rollBack();

                }
            }
        break;

    case 'del':

            try
            {
                $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                $dbh->beginTransaction();

                $sth = $dbh->prepare('delete from users where login=:login');
                $sth->bindParam(':login',$_POST['id']);    
                $sth->execute();

                $dbh->commit();
            }
            catch (Exception $e)
            {
                $dbh->rollBack();
            }

        break;
}
?>